Ad Context Protocol (AdCP) Advertising

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This documentation-only advertising skill is not obviously malicious, but it needs review because it can launch and change real ad campaigns and budgets without clearly documented approval limits.

Use the test agent first. Before connecting production advertising accounts or tokens, set hard budget limits, require human approval for campaign launch, campaign updates, budget movement, and creative uploads, verify the endpoint and skill source, and store production tokens in a secret manager rather than in docs or prompts.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern, Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

If connected to a production ad account, an agent could create or alter campaigns that spend money and publish ads before the user has reviewed all details.

Why it was flagged

The skill explicitly contemplates production ad delivery and real spending. The provided instructions do not pair this with mandatory confirmation, spend caps, approval gates, or rollback controls before campaign creation or budget changes.

Skill content

Ready for real ad delivery? ... Launch campaigns with real budgets

Recommendation

Require explicit user confirmation for every production create, update, pause, resume, budget, and creative action; enforce account-level spend limits; and keep test and production endpoints visibly separated.

What this means

A production token could let the agent act on an advertising account, including creating campaigns or changing budgets.

Why it was flagged

Bearer tokens are expected for this integration, but they authorize campaign-management operations, and production credential handling is not reflected in the registry credential declarations.

Skill content

AdCP uses **Bearer token authentication**: `Authorization: Bearer <your-token>`

Recommendation

Use least-privilege production tokens, store them in a secret manager or environment configuration, and never paste production tokens into prompts, examples, or skill files.

What this means

Sensitive marketing plans or targeting details could be shared with an untrusted or mistaken advertising endpoint.

Why it was flagged

The workflow relies on external AdCP/MCP agent endpoints. Campaign briefs, brand manifests, targeting, and creative information may be sent to whichever endpoint is configured.

Skill content

Find sales agents: `get_adcp_capabilities` on production endpoints ... Update agent URL to production

Recommendation

Use only verified production endpoints, confirm which provider will receive each request, and minimize campaign or audience data sent to agents you do not trust.

What this means

Users may not know who maintains the instructions that guide production campaign actions.

Why it was flagged

No executable code is included, so the install-time risk is limited, but the provenance of a skill that guides high-impact ad spending is not fully established by the supplied metadata.

Skill content

Source: unknown

Recommendation

Verify the skill repository, compare instructions with the official AdCP documentation, and prefer reviewed sources before using it with production ad accounts.